Draiver: Security of Federal Information Systems

In light of recent events regarding the
security of government web sites, I want to remind you that each agency
is required to maintain adequate security of all information systems --
especially those that are publicly accessible. The importance of this
cannot be overstated.

The Chief Information Officers Council,
the National Institute of Standards and Technology (NIST) and the General
Services Administration (GSA) are working together to assist you in improving
computer security and critical infrastructure protection. They are
developing performance measures to assess computer security programs, compiling
sample policies and best practices to share across government, and developing
ways to facilitate the timely installation of security patches for known
vulnerabilities.

Technical and operational security guidance
is available to protect your web sites and computer systems. Please
ensure that your staff is following the guidance from NIST and GSA's Federal
Computer Incident Response Capability which may be found on their respective
websites -- http://csrc.nist.gov and http://www.fedcirc.gov.

All agency security practices should be
consistent with NIST/GSA guidance and with the security policies issued
by the Office of Management and Budget. In addition, the security
practices for your national security systems should comport with applicable
guidance for those systems. Thank you.